Touch ID

Touch ID is Apple's iPhone and iPad biometric fingerprint recognition system, used to verify Apple Pay payments and to supplement device passcodes and in-app passwords. First introduced in 2013, Touch ID is built into the Home button of the iPhone 5s and later, the iPad mini 3 and later, the iPad Air 2 and later, and the iPad Pro.

Touch ID is built around a capacitive touch sensor that can read and analyze sub-epidermal skin layers to identify each person's unique fingerprint to make tasks like downloading apps and unlocking iOS devices more convenient. Touch ID is available in Apple's own apps and in third-party apps, allowing users to protect sensitive data like passwords or notes with a fingerprint.

Fingerprint data used for Touch ID is stored directly on each iOS device in a "Secure Enclave" and is never accessible in the cloud.

'Touch ID' How Tos

Although more prominent features like Night Shift and a few new Quick Actions are getting the spotlight with the launch of iOS 9.3, one new lesser-known update is definitely worth checking out. In iOS 9.3, Apple has improved the functionality of its first-party Notes app with the ability to add password or Touch ID security for individual notes.
The feature allows users to prevent access to sensitive information on a case-by-case basis (some notes, like a shopping list, might not be as high risk), just in case someone gets past the lock screen security of the iPhone itself. With some people even using Notes to store passwords for various sites and services, Apple's security-enhanced update is well worth checking out.
Creating a Password in Notes on iOS
The steps needed to set up a password or Touch ID for your Notes are straight-forward and should only take a few moments to complete.

'Touch ID' Articles

In a new case that echoes Apple's past struggle with the FBI, the Department of Justice has been granted a warrant to search a home in Lancaster, California -- and all the smartphones inside of it -- for all "passwords, encryption keys, and other access devices that may be necessary to access" the various handsets and tablets discovered inside the location. Notably, this includes requiring every person inside the home to provide their fingerprints to the cops to bypass the biometric scanners of each device (via Forbes).
Filed May 9, 2016, a section of the warrant reads:
“authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” An anonymous person located at the home in question avoided providing details of the crime in question, but they did indicate that the warrant has been served. The person claimed that they did not know about the specifics of the warrant's parameters until it was served to them, and they are "trying to let this pass over" in the meantime.
The case has been said to "shock" legal experts because of the legalese workaround used in the warrant. According to one expert, the government filed the warrant "on the assumption that they will learn more after they have a warrant," without providing any particulars as to what they plan to find at the home in question. This practice

Apple is investigating ways that future iOS devices could store the biometric details of suspected criminals in cases of theft (via AppleInsider).
An Apple patent published today by the U.S. Patent and Trademark Office describes "Biometric capture for unauthorized user identification", by using an iPhone or iPad's Touch ID feature, camera, and other sensors.
The proposed system augments typical Touch ID verification by capturing and storing information about a potential thief after six fingerprint unlocking attempts have failed and the wrong passcode is inputted 10 times (after which a "cool down" period or a complete data wipe is activated, depending on user setting).
In another variation, a single failed authentication triggers the capture of fingerprint data and the device takes a picture of the user via the front-facing camera.
In yet other embodiments, the system can be configured by the user to enable or disable various triggers and scenarios in which the biometric capture protocols are activated. The patent also specifies how other data could be logged in the background to supplement the biometric capture, including time stamps, device location, speed, air pressure, audio data, and more.
Flowcharts illustrate different implementations of the security system.
After capture, the data is stored either locally on the device or sent to a remote server for evaluation, while purges of data are activated when the system determines that it is no longer required.
In suggested uses that are likely to be controversial, Apple describes how the server-side

FIS and Payment Alliance International have announced a new partnership that will see cardless withdrawals with Touch ID enabled at over 70,000 ATMs at stores, gas stations, restaurants, and shopping malls across the United States.
FIS Cardless Cash is a QR code-based solution that will reduce the risk of card skimming and shoulder surfing at ATMs by allowing customers to securely withdraw their funds through an iPhone app without inserting a plastic card into the machine. All transactions will require Touch ID verification as an additional layer of security.
Payment Alliance International is the largest independent operator of non-bank-owned ATMs in the United States, and its partnership with FIS makes NYCE the first national payment network to support mobile phone-to-ATM transactions.
Bloomberg previously reported that Payment Alliance International will start rolling out the technology in August or September, and plans to have cardless cash access at 25,000 machines in the U.S. by the end of 2017. FIS and Payment Alliance International did not confirm those specific plans in their announcement.
This announcement follows in the footsteps of Bank of America rolling out support for withdrawing cash from its ATMs using Apple Pay for a few months. Wells Fargo will also enable support for Apple Pay withdrawals at many of its ATMs by year end, while Chase Bank plans to upgrade its ATMs with cardless technology this

Unlocking an iPhone via Touch ID in lieu of a passcode makes it much easier to maintain security while preserving convenience, and Touch ID's ease of use has left many Mac users wondering when a similar feature might be introduced for Apple's desktop and notebook machines.
There has been speculation Apple might introduce dedicated Touch ID fingerprint scanning hardware for the Mac, but as it turns out, Apple is working on a simpler way to allow a Touch ID to unlock a Mac, and it's a feature that could be included in OS X 10.12.
Apple engineers are designing an auto unlock function that would allow an iPhone to unlock a Mac when in close proximity, alleviating the need to enter a password on a password-protected Mac.
The feature, which uses Bluetooth LE frameworks, will presumably work similarly to the automatic unlocking function on the Apple Watch, which allows an unlocked iPhone to bypass the passcode restriction on a connected Apple Watch. In this scenario, an iPhone's Touch ID button would likely be used as a verification method for simpler logins.
It's also possible that a connection with an Apple Watch could be used to unlock the Mac even when an iPhone isn't present, making the process even simpler. This concept has already been demonstrated through the Knock app for the iPhone and Apple Watch, using a Bluetooth connection to unlock a Mac instead of a password. Knock requires an iOS app and a Mac app to work, but an Apple-designed feature will undoubtedly be simpler.
The unlocking feature would likely work hand-in-hand with Apple Pay support for web

Apple recently added a new passcode requirement rule for iPhones with Touch ID enabled, according to MacWorld. The new rule requires a user to enter a passcode when an iPhone or iPad has met two conditions: the device has not been unlocked via a passcode for six days and has not been unlocked with Touch ID for the past eight hours.
Users (including this reporter) began noticing this change in the last several weeks, even though an Apple spokesperson says it was added in the first release of iOS 9. However, a bullet point describing this restriction only appeared in the iOS Security Guide on May 12, 2016, according to the guide’s internal PDF timestamp. Apple declined to explain the rationale for this restriction.The previous five passcode requirements are: the device has been turned on or restarted, the device has not been unlocked for 48 hours, the device has received a remote lock command from Find My iPhone, five unsuccessful Touch ID attempts and adding new fingers to Touch ID.
It's unclear why Apple added the restriction and why it chose an eight-hour window, but the rule comes after a judge granted a search warrant forcing a woman to unlock her iPhone with Touch ID. The decision comes as some believe the biometric nature of Touch ID isn't protected by the Fifth Amendment's protection against self-incrimination. Passcodes, however, are considered protected individual

For the first time in a federal case, authorities in a Los Angeles courtroom have issued a search warrant forcing a woman to bypass her iPhone's biometric security using Apple's Touch ID system (via LA Times). The woman in question -- Paytsar Bkhchadzhyan -- was arrested due to charges of identity theft and had previous strings of various criminal convictions.
According to jail records, U.S. Magistrate Judge Alicia Rosenberg signed the Touch ID-related search warrant about 45 minutes after Bkhchadzhyan was taken into custody on February 25. By the afternoon of her arrest, the suspect pleaded no contest to the charges of identity theft and gave the court her fingerprint to unlock the iPhone.
Police recovered Bkhchadzhyan's smartphone at the residence of her boyfriend, Sevak Mesrobian, known to be the member of a local gang, so it's unclear whether the contents of the device were sought after due to Bkhchadzhyan's crimes or her proximity to Mesrobian's gang.
The court's decision in the case follows the thin rules regarding a person's Fifth Amendment's protection against self-incrimination, which relates that numeric passcodes are protected individual privacies, but fingerprints are not. For this reason, some believe new modern laws need to be enacted specifically detailing fingerprint-related security features.
"It isn't about fingerprints and the biometric readers," said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, "the contents of that phone, much of which will be about her,

During a Friday call with reporters where Apple discussed the security of iOS devices, Apple shared some interesting statistic on iPhone unlocking that were highlighted this morning in a report from Ben Bajarin (via The Verge).
According to Apple, the average iPhone user unlocks his or her iPhone 80 times per day, and 89 percent of iPhone users who have access to Touch ID have set it up and use it to unlock their devices, saving valuable time over entering a PIN.
During a 12 hour day, that equates to checking one's iPhone 6 to 7 times per hour or approximately every 10 minutes. Over the course of a full day, using Touch ID instead of a PIN code can save several minutes of time, and as it doesn't disrupt the iPhone entry experience, it's something most people don't hesitate to enable.
As Bajarin points out, implementing security on a device that needs to be unlocked close to a hundred times a day is no small feat, with Touch ID serving as an example of Apple's efforts to balance security with user experience.Apple is attempting something that seems unprecedented at an industry level. To bring industry leading security but do so by actually enhancing the user experience. Prior to Touch ID for example, many organizations required eight, and sometimes longer, PIN numbers. Imagine entering that many numbers every time you pick up your smartphone. [...]
Regardless, the simple act of logging into our phone via a secure form of login like passcodes or fingerprints is now taken for granted in much of Apple's ecosystem when, just a few years ago, anyone could have stolen

A video that has gone viral which claims to reveal a glitch allowing anyone to unlock a passcode-protected iPhone has been exposed as false.
The YouTube clip, called "iPhone Unlock Without Passcode Glitch", depicts a user gaining access to a Touch ID-equipped device by first asking Siri what time it is.
When the spoken request brings up the time, the user taps on the clock face to reveal the World Clock screen and then selects the Timer icon at the bottom of the screen. He subsequently taps on the 'When Time Ends' option and presses the section that says 'Buy More Tones'.
Upon doing so, the Apple Store opens and the user presses the home button, which unlocks the phone without the user having typed in the passcode.
The video has been viewed over 420,000 times, with some iPhone owners thanking the video's creator for discovering the issue. However, repeated attempts by MacRumors have demonstrated that the method depicted does not allow "anyone" to access a passcode-protected iPhone.
Savvy users will have noted that the method only works because the user activates Siri by pressing the home button with a finger that has clearly already been registered with the Touch ID feature's fingerprint scanner. The same process undertaken using a fingerprint that isn't registered on your iPhone makes subsequent taps to "Buy More Tones" fail to open the iTunes Store.
So if you see anyone sharing the video, you can do them a favor by explaining that the video is misleading, and their phone's data remains safe and

Norwegian police will force a 27-year-old man accused of drug possession to unlock his mobile phone via fingerprint, according to local website Bergensavisen [Google Translate]. The police believe the confiscated smartphone may contain evidence about where he obtained the illegal substance.
The man, who reportedly admitted he was culpable, has refused to unlock his phone for police since being charged, but the Nordhordland District Court's recent verdict allows Norwegian police to force the accused's thumb on to his fingerprint-secured phone. Local police will also analyze his phone call and data history.
The brand of the phone is not disclosed in the report, but if it is an iPhone, it is not clear if Norwegian police are aware that Touch ID requires a passcode as supplemental verification after 48 hours of disuse, a restart, or three failed fingerprint entry attempts. The accused was arrested on January 25, so it may be impossible for authorities to unlock an iPhone with Touch ID without taking additional measures.
In the U.S., a Virginia court ruled that fingerprints, unlike passwords and passcodes, are not protected by the Fifth Amendment. In his ruling, Judge Steven C. Frucci opined that "giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key," which is permitted under federal law.
Correction: The source article does not explicitly state that the device in question is an iPhone, and this article has been updated to reflect that.
Note: Due to the political nature of the discussion regarding this topic, the

Apple has been working to acquire the intellectual property assets of Charlottesville, Virginia-based biometric security firm Privaris, according to CNN. Privaris recently transferred 26 of its 31 patents to the iPhone maker, including 4 patents in December 2012 and dozens more in October 2014.
The patents are primarily related to fingerprint and touchscreen technology that could lead to Touch ID improvements on future devices. Last February, well-informed KGI Securities analyst Ming-Chi Kuo told investors that the next iPhone will have an improved Touch ID with reduced errors."For example, one of Privaris' patents covers the ability to use a touchscreen and fingerprint reader at the same time. Another invention of Privaris' could allow you to open a door with your iPhone by scanning your fingerprint and holding your phone up to a reader, similar to how you pay for items with Apple Pay."While the transferred patents have fueled acquisition rumors, the Privaris website has not been updated since 2010 and seemingly none of the company's senior executives or other employees have updated their LinkedIn profiles with positions at Apple.
Accordingly, it is more likely that Privaris has scaled down or went out of business and Apple has acquired the company's patent portfolio and other intellectual property. However, the possibility of an acquisition cannot be entirely ruled out.
Privaris, which reportedly raised $29 million in funding, developed a lineup of PlusID personal biometric devices to access computers, networks, websites, software, VPNs, secured printers and

Following the release of iOS 8.3 for iPhone and iPad on Wednesday, many users have turned to the Apple Support Communities, Reddit and MacRumors discussion forums about Touch ID not working in the App Store on the latest software version. The issue affects multiple iPhone and iPad models, including the iPhone 5s, iPhone 6, iPhone 6 Plus and iPad Air 2, although the bug does not appear to affect all users."I just updated to iOS 8.3 and it completely removed my ability to use Touch ID in the App Store on my iPhone 6," a post on Reddit reads. "It asks for my password for each and every purchase. Is anyone else seeing this? The option to use Touch ID in the App Store is on. I have already tried turning it off and on again to re-enter my password."The bug persists for many regardless of whether Touch ID is listed as enabled for purchases under Settings > iTunes & App Store, and there does not appear to be a proper solution for the problem yet. Apple may be forced to resolve the bug through a minor point update such as iOS 8.3.1, as it has done in the past with iOS 8.0.2 when the original iOS 8.0.1 update broke Touch ID and Wi-Fi entirely.
Fortunately, the lack of Touch ID within the App Store is mainly an inconvenience at this point for affected users, rather than a serious security issue. iPhone and iPad users will still be prompted to enter their Apple ID password when purchasing apps from the App Store, which was standard functionality before Touch ID was released on the iPhone 5s. Apple has yet to provide comment on the

This week at mobile-focused technology show Mobile World Congress, SanDisk plans to announce a several updates to its line of iXpand Flash Drives and companion app, mainly focused on expanding storage space and enabling quicker and more secure data decryption with the help of Touch ID.
The iXpand flash drive includes both USB and Lightning connectors to allow users the ability to easily transfer files, photos, and videos from an iOS device to a desktop or notebook with a traditional USB port. Currently available in 16GB, 32GB, and 64GB sizes, the company will be announcing its first addition to the iXpand line with the introduction of a 128GB model for even more file storage.
SanDisk also promises new iOS 8-inspired updates to the iXpand Sync app, notably implementing Touch ID to let users encrypt and decrypt their most sensitive files while transferring data to and from the drive. The company also notes that the update will allow users to interact and open files from the iXpand drive with various other "popular apps", as well as save content inside of the third-party apps directly onto the drive.
No official pricing has been given for the 128GB drive yet, but seeing as the current highest capacity version of the iXpand flash drive at 64GB retails for $109.99, those interested in the new high-end model can expect to pay a substantial premium over that for double the storage.
The company says the extensive update to the iXpand app will be going live this week during Mobile World Congress, taking place in Barcelona from March 2-5. The SanDisk iXpand Sync app is

Two banks based out of the United Kingdom - Royal Bank of Scotland and NatWest - yesterday announced incoming support of Touch ID in their iOS-based apps, allowing customers to gain access to their accounts without needing to input a user name and password (via BBC News).
Customers of each bank will need to activate the Touch ID feature with their existing security information within each respective app before being able to gain access to their banking statements via their finger. After three failed Touch ID login attempts, each bank said the app will revert to the traditional user name/password protected log-in request before needing to re-establish the Touch-ID features.
BBC reported that a few "security experts" voiced concern over the new fingerprint security feature given reports of specialized fake fingerprint hacks. Speaking to BBC, Ben Schlabs, of SRLabs, a German hacking think tank, said, "The security implications are the same, it is just as dangerous... I think it has been shown that it is pretty easy to spoof it and the risks aren't fully understood." There have, however, been no reports of such hacks being successfully used for malicious purposes.
With the recent surge of online and app-based banking solutions, both RBS and NatWest are confident the new feature will continue to offer their customers the level of security and accessibility they expect from the banks.
Stuart Haire, managing director, RBS and NatWest Direct Bank, said: "There has been a revolution in banking, as more and more of our customers are using digital technology to bank with

Touch ID could be headed to the next-generation MacBook Air, MacBook Pro, Magic Mouse and Magic Trackpad, according to a sketchy rumor from Taiwanese website Apple.club.tw [Google Translate]. The report, citing sources, claims that the fingerprint scanner will be positioned above the trackpad on MacBooks and integrated directly into the Magic Mouse and Magic Trackpad for desktop Mac users.
The addition of a built-in fingerprint scanner on the latest MacBooks, Magic Mouse and Magic Trackpad would enable Apple to make an aggressive push into the mobile payments industry with Apple Pay. The NFC-based mobile payments platform is currently limited to the iPhone 6 and iPhone 6 Plus, and will be compatible with the iPhone 5s, iPhone 5c and iPhone 5 when paired with an Apple Watch.
There are a few reasonable obstacles, however, that suggest this rumor may not be true. First, there is limited space above the trackpad on MacBooks for Apple to implement Touch ID, especially on the upcoming 12-inch MacBook Air. Meanwhile, integrating Touch ID on the Magic Mouse and Magic Trackpad would be complex due to the need for secure wireless transmitting authentication.
Apple.club.tw has shared reliable information in the past about Apple's upcoming product plans, leaking photos of components for next-generation products such as the iPhone 6 and iPad Air 2. Nevertheless, this rumor should be treated with a proverbial grain of salt until further information is known.
Non-Retina MacBook Airs could be updated as soon as late February, while the 12-inch Retina MacBook Air is expected

MacRumors attracts a broad audience
of both consumers and professionals interested in
the latest technologies and products. We also boast an active community focused on
purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.